Logstash only in DMZ?

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
Locked
vAJ
Posts: 456
Joined: Thu Nov 08, 2012 5:09 pm
Location: Austin, TX

Logstash only in DMZ?

Post by vAJ »

Anyone tried or have running a separate logstash instance listening in a secure zone (DMZ) then writing back to elastic in your LAN zone?

I'm getting static from InfoSec on the fact that nxlog traffic source ports are ephemeral. Having a listener inside DMZ that wasn't part of the cluster would be great. I don't want any of the cluster data stored/sharded in the DMZ, though.

-AJ
Andrew J. - Do you even grok?
Top
tmcdonald
Posts: 9117
Joined: Mon Sep 23, 2013 8:40 am

Re: Logstash only in DMZ?

Post by tmcdonald »

Logjam?

https://github.com/gocardless/logjam
Former Nagios employee
Top
vAJ
Posts: 456
Joined: Thu Nov 08, 2012 5:09 pm
Location: Austin, TX

Re: Logstash only in DMZ?

Post by vAJ »

I guess that works. Would need to switch from om_tcp to om_udp.

Sweet. I'll have to test that out.
Andrew J. - Do you even grok?
Top
User avatar
mcapra
Posts: 3739
Joined: Thu May 05, 2016 3:54 pm

Re: Logstash only in DMZ?

Post by mcapra »

Let us know how it works! We've only ever played around with generic forwarders. Logjam definitely looks like a superior solution for your use case.
Former Nagios employee
https://www.mcapra.com/
Top
Locked

Return to “Nagios Log Server”